You need to replace AAA and BBB with actual strings corresponding to
each of the unwanted cipher suites.

The advisor that tells you to disable "CBC ciphers" is mostly wrong.
There is nothing inherently bad about correctly using ciphers in CBC
mode, however some TLS protocol versions happen to use CBC cipher
suites in a problematic way, while having no secure non-CBC cipher
suites. More recent TLS versions (such as TLS 1.2) have less
problematic (but not perfect) CBC usage and also offers some
overhyped US government ciphers such as the AES_GCM family.